Balancing the Sharing of Information

CyberSecurity Journal


Blog Post

Stealth Mode: Inside the White House’s Network By @ForeScout [#Security]

Federal agencies need to become more proactive and aggressive in protecting their biggest assets – their data

Recent data breaches involved an unclassified computer network used by President Obama's senior staff, prompting countermeasures by the administration and resulting in temporary system outages. Officials said the attack did not appear to be aimed at destroying data or hardware, or at assuming control of other systems at the White House, which raises the question: what were the hackers looking for?

Washington Post reports have disclosed cyber-espionage campaigns by hackers thought to be working for the Russian government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. U.S. officials regard Russia as being in the top tier of states with cyber-capabilities. The Washington Post also reported that the nature of this breach is consistent with a state-sponsored attack.

Interestingly, FireEye developed a report supporting this assertion. According to the report, "APT28: A Window Into Russia's Cyber Espionage Operations" (APT stands for Advanced Persistent Threat), FireEye believes the APT's targeting, malware, language and focused operations indicate a government sponsor that is most likely Russian. While there have been no reports that definitively confirm the Russian government was responsible for this particular breach, the ways in which the actors behaved are similar to those described in the FireEye report.

The truth is, attacks such as this are becoming more prevalent and the actors are becoming more devious. The Department of Homeland Security reports that cyberattacks are growing more "sophisticated, frequent, and dynamic." To decrease the likelihood of future breaches, government entities are encouraged to join the Continuous Diagnostics and Mitigation (CDM) program to implement tools that identify cybersecurity risks on a continuous basis, prioritize risks based upon potential impact, and enable cybersecurity personnel to mitigate the most significant problems first.

Different agencies in the federal government experience breaches of increasing gravity, which results in those agencies moving up in priority on the CDM task order list and getting closer to obtaining funds for CDM. Sadly, it seems as though an agency needs to suffer a data breach before it is elevated within the task order listing, which is a bit of circular logic. Agencies should take a more proactive stance by:

  • Shifting their security mindsets from "incident response" to "continuous response," wherein systems are assumed to be compromised and require continuous monitoring and remediation
  • Adopting an adaptive security architecture for protection from advanced threats
  • Spending less on prevention; investing in detection, response and predictive capabilities

Federal agencies need to become more proactive and aggressive in protecting their biggest assets - their data.

More Stories By Wallace Sann

Wallace Sann is federal chief technology officer (CTO) with ForeScout Technologies. In this role he provides technical leadership for ForeScout’s federal programs and product & certification roadmap, while also overseeing the federal systems engineering team. More than 1,800 of the largest enterprises and government organizations in 62 countries use ForeScout’s next-gen network access control for continuous monitoring and mitigation of network threats. The company, located in Campbell, Calif., is a leader in Gartner's network access control Magic Quadrant.
